Current approaches to access control on the Web servers do not scale to enterprise-wide
systems because they are mostly based on individual user identities. Hence we were 
motivated by the need to manage and enforce the strong and efficient RBAC access 
control technology in large-scale Web environments. To satisfy this requirement, we 
identify two different architectures for RBAC on the Web, called user-pull and server-pull. 
To demonstrate feasibility, we im ... 

This paper outlines a framework for implementing security for Web Services by extending
UDDI and WSDL. The framework includes security of UDDI itself, security of Web services
transactions, and linkages with existing infrastructures outside UDDI. Extensions to the
schema for both UDDI and WSDL are identified, as well as extensions to the security of
the publication and discovery mechanism itself.

Keywords: UDDI, WSDL, XML schema, security, standards 

The major emphasis of public key infrastructure has been to provide a cryptographically
secure means of authenticating identities. However, procedures for authorizing the 
holders of these identities to perform specific actions still need additional research and 
development. While there are a number of proposed standards for authorization 
structures and protocols such as KeyNote, SPKI, and SAML based on X.509 or other key- 
based identities, none have been widely adopted. As part of an effort to us ... 

Understanding distributed applications is a tedious and difficult task. Visualizations based
on process-time diagrams are often used to obtain a better understanding of the 
execution of the application. The visualization tool we use is Poet, an event tracer 
developed at the University of Waterloo. However, these diagrams are often very complex 
and do not provide the user with the desired overview of the application. In our 
experience, such tools display repeated occurrences of non-trivial commun ... 

The current Internet has no secure way to validate the correctness of the routing
information. We suggest a mechanism that supports secure validation of routing
information in the interdomain routing protocol of the Internet. Our mechanism focuses 
on alleviating obstacles which previously prevent the complete and correct construction of 
the Internet routing information. In particular, we propose an identity-based Registry with 
Authorized and Verifiable Search (RAVS) so that routing inform ... 

This paper characterizes the security of group collaboration as being a product not merely
of cryptographic algorithms and coding practices, but also of the man-machine process of 
group creation. We show that traditional security mechanisms do not properly address the 
needs of a secured collaboration and present a research prototype, called NGC (next 
generation collaboration), that was designed to meet those needs. NGC distinguishes 
itself in the care with which the man-machine process was analy ... 

Authorization systems today are increasingly complex. They span domains of
administration, rely on many different authentication sources, and manage permissions 
that can be as complex as the system itself. Worse still, while there are many standards 
that define authentication mechanisms, the standards that address authorization are less 
well defined and tend to work only within homogeneous systems. This paper presents 
XACML, a standard access control language, as one component of a distributed a ... 

Keywords: access control decision, access control enforcement, authorization, 

Medical information systems today store clinical information about patients in all kinds of
proprietary formats. To address the resulting interoperability problems, several Electronic 
Healthcare Record standards that structure the clinical content for the purpose of 
exchange are currently under development. In this article, we present a survey of the 
most relevant Electronic Healthcare Record standards, examine the level of 
interoperability they provide, and assess their functionality in terms o ... 

When DCE is implemented on an existing operating system platform, its security facilities
need to be integrated with the local security facilities on that platform. One key task in 
this effort is the integration of the DCE registry and the local security registry. This paper 
discusses the requirement for registry integration, and considers alternative approaches 
to a number of major structural issues that arise when integrating the DCE registry with 
local registries, including: ...

As our economy and critical infrastructure increasingly relies on the Internet, the
insecurity of the underlying border gateway routing protocol (BGP) stands out as the 
Achilles heel. Recent misconfigurations and attacks have demonstrated the brittleness of 
BGP. Securing BGP has become a priority. In this paper, we focus on a viable deployment 
path to secure BGP. We analyze security requirements, and consider tradeoffs of 
mechanisms that achieve the requirements. In particular, we study how to se ... 

Keywords: BGP, Border Gateway Protocol, interdomain routing, routing, security 

Grapevine is a multicomputer system on the Xerox research internet. It provides facilities
for the delivery of digital messages such as computer mail; for naming people, machines,
and services; for authenticating people and machines; and for locating services on the
internet. This paper has two goals: to describe the system itself and to serve as a case
study of a real application of distributed computing. Part I describes the set of services
provided by Grapevine and how its data and funct ...

15 Astrolabe: A robust and scalable technology for distributed system monitoring , 
Robbert Van Renesse, Kenneth P. Birman, Werner Vogels

May 2003 ACM Transactions on Computer Systems (TOCS), volume 21 issue 2 

Publisher: ACM Press 

Scalable management and self-organizational capabilities are emerging as central
requirements for a generation of large-scale, highly dynamic, distributed applications. We 
have developed an entirely new distributed information management system called 
Astrolabe. Astrolabe collects large-scale system state, permitting rapid updates and 
providing on-the-fly attribute aggregation. This latter capability permits an application to 
locate a resource, and also offers a scalable way to track sys ... 

Keywords: Aggregation, epidemic protocols, failure detection, gossip, membership, 
publish-subscribe, scalability 

May 2003 Proceedings of the 25th International Conference on Software
Engineering 

Publisher: IEEE Computer Society 


As more business activities are being automated and an increasing number of computers 
are being used to store sensitive information, the need for secure computer systems 
becomes more apparent. This need is even more apparent as systems and applications 
are being distributed and accessed via an insecure network, such as the Internet. The 
Internet itself has become critical for governments, companies, financial institutions, and 
millions of everyday users. Networks of computers support a multitude ... 

17 Access control with IBM Tivoli access manager

May 2003 ACM Transactions on Information and System Security (TISSEC), volume 6

Publisher: ACM Press

Web presence has become a key consideration for the majority of companies and other
organizations. Besides being an essential information delivery tool, the Web is 
increasingly being regarded as an extension of the organization itself, directly integrated 
with its operating processes. As this transformation takes place, security grows in 
importance. IBM Tivoli Access Manager offers a shared infrastructure for authentication 
and access management, technologies that have begun to emerge in the com ... 

Keywords: Access control, WWW security, Web servers, authorization management 

Publisher: ACM Press

Browser-based attribute-exchange protocols enable users of normal web browsers to
conveniently send attributes, such as authentication or demographic data, to web sites. 
Such protocols might become very common and almost mandatory in general consumer 
scenarios over the next few years. We derive the privacy requirements on such protocols 
from general privacy principles and study their consequences for the protocol design. We 
also survey to what extent proposals like Microsoft's Passport, IBM's e- ... 

Keywords: BBAE, Liberty, Passport, SAML, Shibboleth, attribute-exchange, e-Community 
Single Signon, identity management, privacy, roles, security, single signon, traffic data, 

(periodic$6 or (interval)) same (key near4 generat$6) same ((identifier or identification or "serial number" or "device name" or "ID" or biometric or (finger$lprint) or iris or pupil or "credit card")) and "license server" | US-PGPUB; USPAT; EPO; JPO; DERWENT; IBM_TDB | ADJ | ON | 2006/10/25 16:01

S36 | 109 | (periodic$6 or (interval)) same (key near4 generat$6) near9 ((identifier or identification or "serial number" or "device name" or "ID" or biometric or (finger$lprint) or iris or pupil or "credit card")) | US-PGPUB; USPAT; EPO; JPO; DERWENT; IBM_TDB | ADJ | ON | 2006/10/25 16:20

S37 | 7 | (periodic$6 or (interval)) same (key near4 generat$6) near9 ((identifier or identification or "serial number" or "device name" or "ID" or biometric or (finger$lprint) or iris or pupil or "credit card")) same license | US-PGPUB; USPAT; EPO; JPO; DERWENT; IBM_TDB | ADJ | ON | 2006/10/25 16:22

S38 | 0 | (periodic$6 or (interval)) same (key near4 generat$6) near9 ((identifier or identification or "serial number" or "device name" or "ID" or biometric or (finger$lprint) or iris or pupil or "credit card")) and "license server" | US-PGPUB; USPAT; EPO; JPO; DERWENT; IBM_TDB | ADJ | ON | 2006/10/25 16:23

S39 | 41 | (periodic$6 or (interval)) same (key near4 generat$6) near9 ((identifier or identification or "serial number" or "device name" or "ID" or biometric or (finger$lprint) or iris or pupil or "credit card")) and "rights" | US-PGPUB; USPAT; EPO; JPO; DERWENT; IBM_TDB | ADJ | ON | 2006/10/25 16:23

S40 | 0 | (periodic$6 or (interval)) same (key near4 generat$6) near9 ((identifier or identification or "serial number" or "device name" or "ID" or biometric or (finger$lprint) or iris or pupil or "credit card")) and (copy$lprotection) | US-PGPUB; USPAT; EPO; JPO; DERWENT; IBM_TDB | ADJ | ON | 2006/10/25 16:24

S41 | 2 | (periodic$6 or (interval)) same (key near4 generat$6) near9 ((identifier or identification or "serial number" or "device name" or "ID" or biometric or (finger$lprint) or iris or pupil or "credit card")) and (copy$lrights) | US-PGPUB; USPAT; EPO; JPO; DERWENT; IBM_TDB | ADJ | ON | 2006/10/25 16:24

S42 | 17 | (periodic$6 or (interval)) same (key near4 generat$6) near9 ((identifier or identification or "serial number" or "device name" or "ID" or biometric or (finger$lprint) or iris or pupil or "credit card")) and ^copy^>ingriLj | US-PGPUB; USPAT; EPO; JPO; DERWENT; IBM_TDB | ADJ | ON | 2006/10/25 16:24

S43 | 2 | "4933971".pn. | US-PGPUB; USPAT; EPO; JPO; DERWENT; IBM_TDB | ADJ | ON | 2006/10/27 14:56